Manage app and add-on objects
When an app or add-on is created by a Splunk user, a collection of objects is created that make up the app or add-on. These objects can include views, commands, navigation items, event types, saved searches, reports, and more. Each of these objects have permissions associated with them to determine who can view or alter them. By default, the admin user has permissions to alter all the objects in the Splunk system.
Refer to these topics for more information:
- For an overview of apps and add-ons, refer to What are apps and add-ons? in this manual.
- For more information about app and add-on permissions, refer to App architecture and object ownership in this manual.
- To learn more about how to create your own apps and add-ons, refer to Developing Views and Apps for Splunk Web.
View app or add-on objects in Splunk Web
You can use Splunk Web to view the objects in your Splunk platform deployment in the following ways:
- To see all the objects for all the apps and add-ons on your system at once: Settings > All configurations.
- To see all the saved searches and report objects: Settings > Searches and reports.
- To see all the event types: Settings > Event types.
- To see all the field extractions: Settings > Fields.
- View and manipulate the objects on any page with the sorting arrows
- Filter the view to see only the objects from a given app or add-on, owned by a particular user, or those that contain a certain string, with the App context bar.
Use the Search field on the App context bar to search for strings in fields. By default, the Splunk platform searches for the string in all available fields. To search within a particular field, specify that field. Wildcards are supported.
Note: For information about the individual search commands on the Search command page, refer to the Search Reference Manual.
Manage apps and add-ons in clustered environments
Manage apps and their configurations in clustered environments by changing the configuration bundle on the manager node for indexer clusters and the deployer for search head clusters. Access the relevant clustering documentation for details:
- Update common peer configurations and apps in Managing Indexers and Clusters of Indexers.
- Use the deployer to distribute apps and configuration updates in Distributed Search.
Manage apps and add-ons on standalone instances
Update an app or add-on in the CLI
To update an existing app on a standalone Splunk instance using the CLI:
./splunk install app <app_package_filename> -update 1 -auth <username>:<password>
Splunk updates the app or add-on based on the information found in the installation package.
Disable an app or add-on using the CLI
To disable an app on a standalone Splunk instance via the CLI:
./splunk disable app [app_name] -auth <username>:<password>
Note: If you are running Splunk Free, you do not have to provide a username and password.
Uninstall an app or add-on
To remove an installed app from a standalone Splunk platform installation:
- (Optional) Remove the app or add-on's indexed data. Typically, the Splunk platform does not access indexed data from a deleted app or add-on. However, you can use the Splunk CLI clean command to remove indexed data from an app before deleting the app. See Remove data from indexes with the CLI command.
- Delete the app and its directory. The app and its directory are typically located in
$SPLUNK_HOME/etc/apps/<appname>. You can run the following command in the CLI:./splunk remove app [appname] -auth <username>:<password>
- You may need to remove user-specific directories created for your app or add-on by deleting any files found here:
- Restart the Splunk platform.
App architecture and object ownership
Managing app and add-on configurations and properties
This documentation applies to the following versions of Splunk® Enterprise: 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.1.0, 9.1.1